Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33362e302f32342d3234203d3e20323134343332.roa
File:                     352e3139392e33362e302f32342d3234203d3e20323134343332.roa (raw, json)
Hash identifier:          ++74KNNyoK/w6rokK5wEzwDHEydTAWqnGIKlGIUP21g=
Subject key identifier:   91:5F:11:E3:40:BB:E5:4E:E8:A3:66:53:07:35:AE:99:E5:37:1F:1D
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       5679728B39C5D7DE12E68D39DCF89BA034284EB8
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33362e302f32342d3234203d3e20323134343332.roa
Signing time:             Sat 07 Mar 2026 19:28:41 +0000
ROA not before:           Sat 07 Mar 2026 19:23:41 +0000
ROA not after:            Sat 06 Mar 2027 19:28:41 +0000
asID:                     214432
IP address blocks:        5.199.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Mar 2026 20:23:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:79:72:8b:39:c5:d7:de:12:e6:8d:39:dc:f8:9b:a0:34:28:4e:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar  7 19:23:41 2026 GMT
            Not After : Mar  6 19:28:41 2027 GMT
        Subject: CN=915F11E340BBE54EE8A366530735AE99E5371F1D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f6:92:d1:19:bd:25:ad:36:21:e9:03:ab:09:
                    ee:9b:54:ba:43:fc:59:2d:37:3b:61:57:25:04:f9:
                    51:ed:09:19:c3:04:11:6e:60:96:6f:33:0a:0a:2e:
                    2c:10:eb:1d:b9:7f:bb:c5:1a:75:46:e8:98:a3:c5:
                    85:a7:ea:ea:f0:01:3a:b9:d9:28:f0:64:58:1b:36:
                    8d:23:be:81:d4:a1:82:33:c8:7c:65:a3:c1:e1:38:
                    3d:f1:86:99:b4:fe:9b:d3:8a:87:42:da:3f:43:5d:
                    67:23:af:af:51:ff:9d:9e:d6:96:34:39:e8:28:e7:
                    1d:ee:55:fd:04:c5:15:d8:96:3d:3a:9a:dc:21:26:
                    42:f7:f1:ae:91:5b:13:bc:85:c6:8c:cd:67:48:93:
                    e9:65:c8:d4:8c:ed:81:00:cb:1c:a8:82:7d:c2:66:
                    44:45:22:35:3e:1b:19:c3:50:fe:17:73:ac:8c:6b:
                    3c:ec:a9:d2:42:2b:1a:34:0a:f7:b2:3b:99:a0:54:
                    60:49:8b:6a:fd:06:2f:48:7f:e5:fb:2c:99:24:e3:
                    b4:cd:ef:3b:d1:5b:02:54:3a:2e:27:09:28:64:6f:
                    fc:d1:82:bc:33:aa:f7:11:28:d7:20:1c:23:19:72:
                    e1:d9:35:8c:de:6a:83:33:89:20:c4:ee:0c:a6:cb:
                    ae:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:5F:11:E3:40:BB:E5:4E:E8:A3:66:53:07:35:AE:99:E5:37:1F:1D
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33362e302f32342d3234203d3e20323134343332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:dc:65:a2:63:2e:c1:e0:ec:ce:bf:70:0c:6b:2b:68:e8:8f:
         00:38:02:af:02:70:77:77:61:8a:2e:44:ea:c7:ad:4b:21:06:
         71:87:4b:f0:a1:12:1c:76:de:bc:d5:8e:e0:c2:1e:fd:b1:2c:
         d9:5c:bc:eb:09:ec:e4:25:7d:f1:16:c5:d6:11:64:01:85:ab:
         24:c5:bc:ad:a3:e0:40:36:48:51:b3:a7:2a:04:f5:48:b6:8a:
         61:ff:9a:3b:d6:27:22:eb:72:80:f0:ea:1c:63:fb:c1:76:f5:
         0d:18:3e:bf:ac:14:28:0c:9d:d5:b6:59:6c:96:1a:ed:dc:bf:
         e6:e3:e6:66:25:1d:03:86:88:2e:1a:43:16:f1:a4:4c:d5:9e:
         dd:42:b2:89:61:0b:0b:b5:b1:13:ba:4e:95:95:a2:fd:4c:8b:
         03:06:7f:c6:13:04:98:cc:54:67:ca:f2:57:2b:a4:5a:71:3e:
         b3:40:91:d1:96:51:a2:94:e3:55:02:bd:b5:56:b0:f3:ff:35:
         cc:96:66:6a:49:8e:b4:e6:e9:29:15:de:99:5a:df:7b:75:a6:
         4c:b9:d7:9f:5d:bc:dd:54:03:38:d1:80:b1:c7:9e:97:1d:25:
         97:41:1b:f5:e0:fe:64:da:98:0c:c4:d8:2a:65:e1:17:c1:7e:
         d0:8f:ac:58
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVnlyiznF194S5o053PiboDQoTrgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMDcxOTIzNDFaFw0yNzAzMDYxOTI4NDFaMDMxMTAvBgNV
BAMTKDkxNUYxMUUzNDBCQkU1NEVFOEEzNjY1MzA3MzVBRTk5RTUzNzFGMUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC49pLRGb0lrTYh6QOrCe6bVLpD
/FktNzthVyUE+VHtCRnDBBFuYJZvMwoKLiwQ6x25f7vFGnVG6JijxYWn6urwATq5
2SjwZFgbNo0jvoHUoYIzyHxlo8HhOD3xhpm0/pvTiodC2j9DXWcjr69R/52e1pY0
Oego5x3uVf0ExRXYlj06mtwhJkL38a6RWxO8hcaMzWdIk+llyNSM7YEAyxyogn3C
ZkRFIjU+GxnDUP4Xc6yMazzsqdJCKxo0CveyO5mgVGBJi2r9Bi9If+X7LJkk47TN
7zvRWwJUOi4nCShkb/zRgrwzqvcRKNcgHCMZcuHZNYzeaoMziSDE7gymy66pAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkV8R40C75U7oo2ZTBzWumeU3Hx0wHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzMzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNDM0MzMzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXH
JDANBgkqhkiG9w0BAQsFAAOCAQEAtdxlomMuweDszr9wDGsraOiPADgCrwJwd3dh
ii5E6setSyEGcYdL8KESHHbevNWO4MIe/bEs2Vy86wns5CV98RbF1hFkAYWrJMW8
raPgQDZIUbOnKgT1SLaKYf+aO9YnIutygPDqHGP7wXb1DRg+v6wUKAyd1bZZbJYa
7dy/5uPmZiUdA4aILhpDFvGkTNWe3UKyiWELC7WxE7pOlZWi/UyLAwZ/xhMEmMxU
Z8ryVyukWnE+s0CR0ZZRopTjVQK9tVaw8/81zJZmakmOtObpKRXemVrfe3WmTLnX
n1283VQDONGAsceelx0ll0Eb9eD+ZNqYDMTYKmXhF8F+0I+sWA==
-----END CERTIFICATE-----